virus msn Fermé

Question

Bonsoir a tous

tout d'abord, merci de votre aide, de nous consacrer votre temps a nous les néophytes :)

comme bien d'autres avant moi, j'ai été infecté par le virus Msn qui apparement fait pas mal de dégat ces temps ci

j'ai parcouru les différentes discussions du forum relatives à ce pb, mais malheureusement inculte de l'informatique, j'ai bien du mal à m'en sortir

j'ai compri qu'il fallait faire un scan de la bête

le voici donc :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:47, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\VPro520.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [update] C:\WINDOWS\update\hide C:\WINDOWS\update\ess.bat
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\GRAPHIKS CYRIL\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYFR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\GRAPHI~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.fr/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

g!rly · Answer

tu voie c´est a cause de personnes comme toi que le virus msn fait des ravages !
ca m´enerve grandement !
tu ne sais meme pas si tu as un antivirus, et bien tu n´as aucune protection ! o_Ö 
tu fais quoi avec un pc? tu joue a des jeux ? achete plutot une console !

nonolecape · Answer

Logiciel installé (merci pour le tuto tres bien fait)

scan dont voici le rapport



AntiVir PersonalEdition Classic
Report file date: dimanche 16 mars 2008  10:33

Scanning for 1147670 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         principal
Computer name:    CYRIL

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2     5447168 Bytes  07/03/2008 09:31:41
ANTIVIR2.VDF : 7.0.3.3        2048 Bytes  07/03/2008 09:31:41
ANTIVIR3.VDF : 7.0.3.31     158208 Bytes  14/03/2008 09:31:41
AVEWIN32.DLL : 7.6.0.73    3334656 Bytes  16/03/2008 09:31:43
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3      360488 Bytes  16/03/2008 09:31:43
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 16 mars 2008  10:33

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avant.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'VPro520.exe' - '1' Module(s) have been scanned
Scan process 'NkvMon.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ntvdm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'symwsc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '43' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\winupd.bat
      [DETECTION] Contains detection pattern of the batch virus BAT/Zapchast.7
      [INFO]      The file was moved to '484ae9e2.qua'!
C:\Documents and Settings\principal\Application Data\Sun\Java\Deployment\cache\6.0\46\4db6712e-3810ce20
  [0] Archive type: ZIP
  --> Matrix.class
      [DETECTION] Contains detection pattern of the Java virus JAVA/Beyond.D3
  --> Dummy.class
      [DETECTION] Is the Trojan horse TR/Forten.Java.2
      [INFO]      The file was moved to '483eeece.qua'!
C:\Documents and Settings\principal\Application Data\Sun\Java\Deployment\cache\6.0\57\5319c679-72cae79d
  [0] Archive type: ZIP
  --> GetAccess.class
      [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AJ
  --> Installer.class
      [DETECTION] Contains detection pattern of the Java virus JAVA/OpenConnect.AK
  --> NewSecurityClassLoader.class
      [DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.2
  --> NewURLClassLoader.class
      [DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.3
      [INFO]      The file was moved to '480dee9e.qua'!
C:\Documents and Settings\principal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jpg-301c72d2-5c95d68d.zip
      [DETECTION] Contains detection pattern of the Java virus JAVA/ClassLdr.I.2
      [INFO]      The file was moved to '4851eedd.qua'!
C:\Documents and Settings\principal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-2f131640.zip
      [DETECTION] Contains detection pattern of the Java virus JAVA/ByteVerify.G.3
      [INFO]      The file was moved to '4852eed0.qua'!
C:\Documents and Settings\principal\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv433.jar-1f248ffd-321e8066.zip
      [DETECTION] Is the Trojan horse TR/Forten.Java.2
      [INFO]      The file was moved to '483deede.qua'!
C:\Documents and Settings\principal\Local Settings\Temp\services.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was moved to '484eef84.qua'!
C:\JEUX CYRIL\A ARCHIVER\Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu Jeux Pc Complet Fr Avec Crack.rar
  [0] Archive type: RAR
    --> Le Seigneur Des Anneaux La Bataille Pour La Terre Du Milieu\Comment Gagner gros sur internet by ANGE.zip
      [1] Archive type: ZIP
      --> Comment Gagner gros sur internet by ANGE/La 1&#138;re astuce pour tricher avec eurobarre.zip
        [2] Archive type: ZIP
        --> La 1&#138;re astuce pour tricher avec eurobarre/Eurofake.exe
            [DETECTION] Contains detection pattern of the worm WORM/MSN.Kelvir.AC
      [INFO]      The file was moved to '47fcf72e.qua'!
C:\SONS\Pour IPOD\Raphael - Hotel De L Univers -Album 192Kbps - Dtmf.ace
  [0] Archive type: ACE
  --> Raphael - Hotel 01 - Cel&#133; nous aurait suffit.mp3
      [WARNING]   Error creating the file
  --> Raphael - Hotel 02 - Qu' on est bien dans ce monde.mp3
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
      [WARNING]   No further files can be extracted from this archive. The archive will be closed


End of the scan: dimanche 16 mars 2008  12:41
Used time:  2:08:09 min

The scan has been done completely.

   9465 Scanning directories
 683659 Files were scanned
     12 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      8 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 683647 Files not concerned
  10141 Archives were scanned
      4 Warnings
     17 Notes

g!rly · Answer

bonjour nonolecape et blondain71,

nonolecape

excuse moi de m´être emportée...

Pour me rattraper et essayer de te prouver ma bonne foie je vais t´aider.

fais ceci dans un premier temps : (antivir a detecté des infections du coté de java)

regarde ce tutorial pour mettre ta console java a jour :
 
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

puis passe ceci :

Téléchargez MSNFix.zip (de !aur3n7) sur votre bureau:
http://sosvirus.changelog.fr/MSNFix.zip
Décompressez-le (clic droit >> Extraire ici) et double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

Tuto :

https://www.malekal.com/supprimer-virus-desinfecter-pc/

@+

jalobservateur · Answer

Bonjour à tous.
G!rly, je comprends un peu 'ton débordement' ...
Ces foutus Virus, Trojan, Msn qui se contractent en plus en 'absence' de 'condom' !
http://img229.imageshack.us/img229/387/trojanlk7.jpg][/url]
Commence gravement à peser sur le 'gros nerf"
Cette saloperie devra devenir bientôt à 'divugation obligatoire'
Calmons nos souris ou nos rats, Condom plus de plaisir avec des machines saines !

"http://img217.imageshack.us/img217/4233/antiviruscb8.jpg" 
Il est pas défendu de s'exprimer
Mais Préservons donc nos machines 
Et gardon l'oeil ouvert... [img=http://img235.imageshack.us/img235/8084/contrelamyopiews8.jpg][/url]


S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)

nonolecape · Answer

re bonsoir

j'ai réussis a mettre a jour java youpi :D


c'était compliqué mais je crois que j'ai réussis, merci pour les tuto

pour le rapport msnfix, j'ai eu ceci apres redémarrage, j'espère que c'est celui qu'il vous fallais

MSNFix 1.685  
 
C:\Documents and Settings\principal\Bureau\MSNFix 
Fix exécuté le 17/03/2008 -  0:07:15,12 By principal 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\Setup.exe 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\winlogon.exe 
.. OK ... C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\services.exe 
.. OK ... C:\WINDOWS\system32\LOCALS~1 
.. OK ... C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\Setup.exe  
 
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
Aucun Fichier trouvé 
 
 
 
************************ Fichiers suspects 
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention 
 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azemp-win32_1.8.4.zip] 4985C3DC65CE4258DC651302FB8775EF 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azemp-win32_1.9.0.zip] FDE8CAAC6827E349CF2E3CAD7A3C82F1 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azemp-win32_1.9.11.zip] 92774C9AFE1F090877A36F58AD2CA53D 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azemp-win32_1.9.6.zip] 9F39AA11920C19F595B01E882C194670 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azemp-win32_2.0.11.zip] E1C06D7135995362E611F44AE3617220 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azplatform2_1.16.zip] ECDA1168AD8D8DEBD7A69C8B5B04DF6D 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azupdater_1.8.5.zip] 2AC49B3BF78D09BC78DCFE649BC337C0 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azupdater_1.8.8.zip] FE9F0AFA888DFF4FCF0AC6932C6B8CE0 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azupnpav_0.1.6.zip] 2D1B516AC6FFA03DCBA6C80C9C348156 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azupnpav_0.1.7.zip] 9FFA8574D012893CCBE950761E0AD870 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\azupnpav_0.2.0.zip] F26FD74D0FB64A779EFEB34AC6E6AC4D 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\epurcfrver20.dll.zip] 46F3E109486AF1953DA09BD212F8A6E2 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\swt-3347-az-win32-win32-x86.zip] 55A6725CD2D48DDC721414CFFDB91CFC 
[C:\DOCUME~1\PRINCI~1\LOCALS~1\Temp\swt-3430-win32-win32-x86.zip] F5D27C6236E44C0219F3BB2C633DC819 

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier  [b] C:\DOCUME~1\PRINCI~1\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr

 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17032008_ 0110496.zip
 
************************ HKLM\...\Winlogon\Userinit 
 
Userinit = C:\WINDOWS\system32\userinit.exe, 


------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   --------------------------------------------- 
 
bonne nuit a tous

g!rly · Answer

ok tres bien ;-)

la suite :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau rapport hijack this.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

nonolecape · Answer

bonjour voici le rapport combofix ComboFix 08-03-14.4 - principal 2008-03-17 10:22:38.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.661 [GMT 1:00] Endroit: C:\Documents and Settings\principal\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . [i] ADS - system32: deleted 926928 bytes in 2 streams. /i (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\FunWebProducts C:\Program Files\FunWebProducts\ScreenSaver\Images\[u]0/uB344AE5.urr C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm C:\Program Files\MyWebSearch\bar\Settings\s_bfeats.dat C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\setting2.htm C:\Program Files\MyWebSearch\bar\Settings\settings.dat . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))))))) . 2008-03-16 10:30 . 2008-03-16 10:30 d-------- C:\Program Files\Avira 2008-03-16 10:30 . 2008-03-16 10:30 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-13 08:49 . 2008-03-13 08:52 d-------- C:\Documents and Settings\principal\Application Data\Avant Profiles 2008-03-12 12:01 . 2008-03-12 12:01 0 --a------ C:\WINDOWS\PCS7.LIC 2008-03-12 11:58 . 2008-03-12 12:10 d-------- C:\Program Files\PCStitch 7 2008-03-07 17:56 . 2008-03-07 17:56 d-------- C:\Program Files\Trend Micro . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-16 22:44 --------- d-----w C:\Program Files\Java 2008-03-13 22:58 --------- d-----w C:\Documents and Settings\principal\Application Data\Azureus 2008-03-13 07:49 --------- d-----w C:\Program Files\Avant Browser 2008-03-13 07:49 --------- d-----w C:\Documents and Settings\principal\Application Data\Avant Browser 2008-03-12 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-10 18:23 --------- d-----w C:\Program Files\Azureus 2008-02-14 11:08 --------- d-----w C:\Program Files\DivX 2008-02-03 09:47 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe 2008-02-03 09:47 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-02-03 09:47 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-03 09:47 22,328 ----a-w C:\Documents and Settings\principal\Application Data\PnkBstrK.sys 2008-02-03 09:47 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-02-03 09:32 --------- d-----w C:\Program Files\Electronic Arts 2008-02-03 09:15 --------- d-----w C:\Program Files\Activision 2008-01-31 10:39 --------- d-----w C:\Program Files\City of Heroes 2008-01-28 21:15 --------- d-----w C:\Documents and Settings\principal\Application Data\DivX 2008-01-27 19:47 --------- d-----w C:\Documents and Settings\principal\Application Data\Lavasoft 2008-01-27 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-01-27 19:38 --------- d-----w C:\Program Files\MSN Messenger 2008-01-27 19:29 --------- d-----w C:\Program Files\iPod 2008-01-27 19:29 --------- d-----w C:\Program Files\Canon 2008-01-27 19:28 --------- d-----w C:\Program Files\Google 2008-01-27 19:28 --------- d-----w C:\Program Files\GameSpy Arcade 2008-01-26 14:05 --------- d-----w C:\Documents and Settings\principal\Application Data\Nero 2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-18 23:26 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-05-02 20:04 89,104 ----a-w C:\Documents and Settings\principal\Application Data\GDIPFONTCACHEV1.DAT 2005-04-07 16:51 56 --sh--r C:\WINDOWS\system32\8DE3CB1CFB.sys 2005-04-07 16:51 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] "update"="C:\WINDOWS\update\hide C:\WINDOWS\update\ess.bat" [ ] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168] "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 11:10 110740] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-03 10:38 180269] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-12-15 17:56 81920] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 11:34 406016] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576] "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-17 02:20 398944] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-16 10:31 249896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-27 19:29:19 110592] Microsoft Office.lnk - C:\GRAPHIKS CYRIL\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360] NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2006-09-19 19:47:35 233472] VPro520.lnk - C:\WINDOWS\VPro520.exe [2007-11-07 20:16:46 73728] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\aol.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"= "%windir%\system32\sessmgr.exe"= "C:\APPS\Inventime\my.exe"= "C:\Program Files\Yahoo!\Messenger\YServer.exe"= "C:\WINDOWS\system32\javaw.exe"= "C:\Program Files\Internet Explorer\IEXPLORE.EXE"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "C:\Program Files\Sony\Station\Launchpad\LaunchPad.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"= "C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"= "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"= "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= R0 d343bus;d343bus;C:\WINDOWS\system32\DRIVERS\d343bus.sys [2003-12-15 17:46] R0 d343port;d343port;C:\WINDOWS\system32\DRIVERS\d343port.sys [2003-12-15 16:29] R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00] R3 SPC520;Philips SPC520NC PC Camera;C:\WINDOWS\system32\drivers\SPC520.sys [2007-03-27 21:27] R3 SPC520m;Philips SPC520NC PC Cameram;C:\WINDOWS\system32\drivers\SPC520m.sys [2007-03-27 21:27] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S4 Usbiptscis;Usbiptscis;C:\WINDOWS\system32\perfmon.exe [2004-08-05 14:00] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3A5656F7-2047-E7E4-018D-FD278FC908BD}] C:\WINDOWS\system32:Explore.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2006-10-07 08:55:42 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-17 10:27:12 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime] "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime" . Temps d'accomplissement: 2008-03-17 10:27:41 ComboFix-quarantined-files.txt 2008-03-17 09:27:39 . 2008-03-12 23:03:06 --- E O F --- le HJT arrive ;)

nonolecape · Answer

rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:48, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\VPro520.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaults/sb/ymsgr6/fr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [update] C:\WINDOWS\update\hide C:\WINDOWS\update\ess.bat
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\GRAPHIKS CYRIL\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: VPro520.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\GRAPHI~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.fr/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

sousou99FR · Answer

Bon jour à tous !!  BESOIN DE  SUPER EXPERT 
 bon pour info j'ai  quelque connaissance qui me permettent habituellement de me débarasser sans probleme des virus toutes seules  sauf que  je capitule :voila sa fait quelque temps que jai reçue un lien sur msn vers un site web piraté .après le lien a  été envoié à tous mes contacts .jai essaye de le retirer  par avast rien .jai essayé msnfix kif-kif (pareil )probleme dans le scan .  sdfix aussi .en plus jai en plus l'impresion que mon ordi rame énormement .et je ne peux pas le formaté 
donc je fais  un scan avec hijackthis car puisqu on y est autant nettoyé a fond mon ordi de manière méticuleuse ;-)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:22, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
F:\parefeu\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
F:\parefeu\kpf4gui.exe
F:\parefeu\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminator.exe
C:\Documents and Settings\user\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:\parefeu\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - F:\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/E__/SITE/dos%20sit/aide/R/pag2/ima2.gif

g!rly · Answer

alors :

pour le par feu si tu as pris kerio desinstale le et prends celui ci a la place :

Online armor :

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606

redemarre en mode sans echec:

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait
une fois en mode sans echec.

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

HKEY_USERS\S-1-5-21-2597910702-2662300819-912254051-1008\Software\Microsoft\Windows\Curre­ntVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"i"=-
[HKEY_USERS\S-1-5-21-2597910702-2662300819-912254051-1008\Software\Microsoft\Windows\Curre­ntVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"i"=-
[HKEY_USERS\S-1-5-21-2597910702-2662300819-912254051-1008\Software\Microsoft\Windows\Shell­NoRoam\MUICache]
"C:\WINDOWS\VPro520.exe"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin. 
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

c:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\VPro520.lnk
c:\WINDOWS\PREFETCH\VPRO520.EXE-2A053465.pf 
C:\WINDOWS\VPro520.exe

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

Redemarre normalement et post le rapport de ot_move it ici stp ainsi qu´un nouveau rapport hijack this.

@+

sousou99FR · Answer

désolé javais pas remarqué .merçie .encore de mavoir répondu!!

g!rly · Answer

bonsoir, 

fais ceci :

tu surf avec internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0 

https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70 

et pourquoi ne pas surfer avec firefox? = plus sur,  tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.mozilla-europe.org/fr/

plugins : ad block plus

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

puis

supprime ce dossier : C:\Program Files\Fichiers communs\Symantec Shared

puis fais ceci : 

1°- « Démarrer » > « Executer » > taper cmd >

sc stop "SymWMI Service" ==> [Enter]
sc config "SymWMI Service" start= disabled ==> [Enter]

ps : avec les guillemets

puis refais un scan complet de ta machine a l´aide d´antivir avec les reglages suivant :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes : 
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

post le résultat de scan ici stp

@+

g!rly · Answer

bonjour,

mets juste internet explorer a jour dans ce cas.

pour :

supprime ce dossier : C:\Program Files\Fichiers communs\Symantec Shared 

supprime le en mode sans echec 

puis perforemes le scan a l´aide d´antivir

@+

nonolecape · Answer

ouf ça y est, j'ai réussis a venir a bout des manips ;)

j'espère avoir fait ce qu'il fallait

voici le rapport antivir :



AntiVir PersonalEdition Classic
Report file date: dimanche 23 mars 2008  11:02

Scanning for 1161960 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         principal
Computer name:    CYRIL

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2     5447168 Bytes  07/03/2008 09:31:41
ANTIVIR2.VDF : 7.0.3.62     337408 Bytes  21/03/2008 09:31:34
ANTIVIR3.VDF : 7.0.3.64      16384 Bytes  22/03/2008 09:31:36
AVEWIN32.DLL : 7.6.0.75    3334656 Bytes  19/03/2008 09:33:43
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3      360488 Bytes  16/03/2008 09:31:43
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 23 mars 2008  11:02

Starting search for hidden objects.
An ARK instance is already running.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'NkvMon.exe' - '1' Module(s) have been scanned
Scan process 'icqdxlga.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ntvdm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'oaui.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'oasrv.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [NOTE]      No virus was found!
Master boot sector HD1
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD2
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD3
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015
Master boot sector HD4
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\drivers\OADriver.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\drivers\OAmon.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\drivers\oanet.sys
      [WARNING]   The file could not be opened!


End of the scan: dimanche 23 mars 2008  11:05
Used time: 02:35 min

The scan has been done completely.

    214 Scanning directories
  20500 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      3 Files cannot be scanned
  20500 Files not concerned
    103 Archives were scanned
      3 Warnings
      0 Notes

bon dimanche de paques

g!rly · Answer

Bonjour,

Ca me parait tres bien tout ca ;-)

Oui les cloches ont sonnées, bon dimanche de pâcques a toi également ;-)

Je pensse que tu ne doit plus avoir de soucis de ton coté ?

un nettoyage de printemps pour finir :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

   http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

   Dans la colonne de gauche, click sur :

   ->"erreurs" :

      Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
      
      ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

   ->"nettoyeur"
   
      quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

   https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

   http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

et

telecharge et instal regcleaner:

http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

tutorial :

https://forums.cnetfrance.fr

http://www.softastuces.com/tuto/maint/regcleaner/

@ bientot.

Virus msn

15 réponses

Discussions similaires